Welcome to the Matrix

In what civil liberties advocates call the most massive database surveillance program in U.S. history, the Multistate Anti-Terrorism Information Exchange, or Matrix, continues to compile billions of records on law-abiding citizens and receive federal funding, despite public outcry and suspicion.

A Florida-based company, Seisint, Inc., created the database shortly after the terror attacks of Sept. 11, 2001, by combining the company’s own commercial databases with law enforcement records.

Now law enforcement officials in participating states can comb the database to investigate ordinary crimes and terrorist threats. Matrix contains an unprecedented amount of information: current and past addresses and phone numbers, arrest records, real estate information, photographs of neighbors and business associates, car make, model and color, marriage and divorce records, voter registration records, hunting and fishing licenses, and more.

For example, a user could identify all brown-haired divorced male residents of Minneapolis who drive a red Toyota Camry and are registered to vote. The data can then be displayed in “social networking charts,” showing connections between individuals, photo line-ups and “target maps,” according to internal Seisint documents obtained by The New Standard after a Freedom of Information Act request by the American Civil Liberties Union (ACLU). One of the documents boasts, “When enough insignificant data is gathered and analyzed IT BECOMES SIGNIFICANT.” (original emphasis)

Seisint sells database access to individual states. Sixteen states went through a pilot program, but after negative media coverage and concern from citizens, politicians, and even law enforcement officials, all but Florida, Michigan, Pennsylvania, Connecticut and Ohio have decided to stop using Matrix.

The states that remain show no signs of bowing to public pressure. In Florida, law enforcement and government officials have become progressively more involved in the inner workings of Matrix. The supercomputers that hold the data are housed in Seisint’s Boca Raton offices, guarded by Florida state police. The Florida Department of Law Enforcement acts as “Security Agent” for the system, even outside the state.

The federal government also plays an active role. In January 2003, Florida Governor Jeb Bush met with Vice President Dick Cheney to demonstrate how the program could be used by law enforcement, and to request additional funding. The Department of Justice gave Seisint $4 million in grants in 2003. The Department of Homeland Security also provided $8 million to help run Matrix, and, last year, assumed “managerial oversight and control” of the database, according to the agreement between the DHS and Seisint.

Civil liberties advocates claim that the Matrix is amassing records on ordinary people that, in a worse case scenario, could be used to track “suspicious” individuals, and to round up those likely of committing a crime  before any crime has occurred. Matrix officials dismiss these claims, arguing that the database is just a faster way to locate criminals and terrorists.

Bill Shrewsbury, vice president of Seisint, puts it simply. By using Matrix, he said, “You stop bad people quicker before they hurt someone else. It’s that simple. There’s no secrets here.”

But the project remains under suspicion from civil liberties and privacy advocates who have expressed a number of serious concerns, including whether the database is used to conduct “data mining,” a process by which data is searched to identify potential criminals or terrorists before any crime is committed. Also of concern is the company’s secrecy about precisely what kind of data Matrix includes and how vulnerable the data is to being stolen, altered or misused by hackers.

Seisint officials have repeatedly denied that the Matrix is used for data mining. Instead, they say, the Matrix is used to locate potential suspects immediately after a crime has occurred. For example, in a child kidnapping case, Matrix could quickly identify all men with sex offender status living in a certain area who drive a car of a particular make and model.

“Its not like I leave at night, and I’ve asked the system, ‘Hey, find me a terrorist,’ and I come in the next morning and it has ten potential terrorists,” said Mark Zadra, Chief of Investigations and Officer of Statewide Intelligence for the Florida Department of Law Enforcement.

However, according to the documents uncovered by the ACLU, Seisint has also used data for exactly that purpose. Three days after 9/11, Seisint created a “terrorism quotient” to identify potential terrorists in the general population. Matrix was still in the development stage, but company officials used “Seisint artificial intelligence,” billions of public records, and public Federal Aviation Administration information  information Matrix now contains  to conduct the search.

A January 2003 slide presentation by Seisint lists some of the criteria for identifying potential terrorists: age and gender, “what they did with their driver’s license,” either pilots or associations to pilots, proximity to “dirty addresses/phone numbers, investigational data, how they shipped, how they received, social security number anomalies, credit history, and ethnicity.”

According to Seisint’s presentation, an initial search revealed 120,000 individuals with a “High Terrorist Factor” score; Seisint gave the list of names to the INS, FBI, the Secret Service, and the Florida Department of Law Enforcement. Slides from the presentation state that it led to “several arrests within one week,” and “scores of other arrests.” Who was arrested, and whether they were convicted of or even charged with any actual crime remains unknown.

In addition, the company claims to have identified five of the 9/11 hijackers, after the fact.

Christopher Calabrese, program counsel for the ACLU’s Technology and Liberty program, questions the usefulness of the search. “They conducted a search based on information about what already happened,” he said. “If it weren’t so deadly serious, it would be silly.”

He added, “Somebody speculates on a potential event, and adds another level of speculation,” he said. “What types of activities would be necessary to execute this type of event? Those people are then de facto suspects of a crime that has never happened, and that only exists in someone’s imagination.”

Zadra dismissed these concerns. “We’re not profiling anybody,” he said. “Law enforcement has been going through this process for decades.”

Shrewsbury tried to distance the terrorist search from Matrix. “We don’t use that component at all,” he said. “It’s not on Matrix at all.” However, the basic information that was used to conduct the search is still available on Matrix, and there is no way for the public to know if such searches are being conducted.

The types of data included in Matrix have also worried civil liberties and privacy activists. Finding out what exactly is in the database has been almost impossible. While the company states on its website that Seisint does not own magazine subscription lists, telephone calling records, credit card transactions or credit report trade line data, the company has refused to open its operations for verification after requests by Senator Russ Feingold (D-Wisc.) and the ACLU.

Company officials insist that the data is all publicly available, and that Matrix is just compiling previously available data in a central source. “Since it’s public data, my name is in there. Your name is in there,” Zadra said. “It’s just information we already have access to.”

However, the company’s own documents state that, “The associative links, historical residential information, and other information, such as an individual’s possible relatives and associates, are deeper and more comprehensive than other commercially available database systems presently on the market.”

Calabrese of the ACLU said using the term “public records” is a misnomer. “It’s not at all clear what that means,” he said, adding that Seisint seems to consider commercially available data to be “public information,” though most of the public does not have access to this data.

In addition, although Matrix currently operates in only five states, it has driver’s license information from 15 states, motor vehicle registration from 12 states, Department of Corrections information from 33 states and sexual offender information from 27 states, according to Seisint documents.

In some cases, states have sold the data to Seisint. For instance, according to the ACLU, Ohio sold its driving records to Seisint for $50,073 two years ago. In other cases, Seisint has presumably purchased this information from commercial databases, where driver’s license data is readily available.

Zadra said Matrix continues to use that information in its searches, even if it is not obtained directly from a particular state government. “We’ve had a lot of states that said, ‘I won’t participate in Matrix,'” Zadra told The NewStandard. “I say, ‘You are a Matrix participant because you sell your motor vehicle and criminal information anyway.'”

The security of these billions of records has been among the most persistent concerns of privacy advocates. If a hacker gained access to the database, the information gained could be used for dozens of potential purposes, ranging from simply locating an individual to selling Matrix data to businesses for marketing purposes.

Although Seisint officials argue that its data is safe, and note that the supercomputers are housed in a secure room outfitted with motion detectors, cameras, an alarm system, and an armed guard, many privacy advocates also remain concerned that the data could still be vulnerable.

They argue that the extensive office security overlooks the main issue. The data, they say, is most vulnerable in the police stations around the state where it is used on a daily basis. In Florida, 1,000 law enforcement officials have access to the Matrix, and privacy activists are concerned that the data there could be hacked or physically stolen. Zadra dismissed these concerns, insisting that one would need a login ID and password to access the system, and that all system activity is logged.

“Step back and think about the scope of this,” Calabrese said. “One thousand [access] licenses, spread out around the state, using the Matrix for God knows what.”

Lee Tien, senior staff attorney at the Electronic Frontier Foundation, a nonprofit privacy advocacy organization, argues that the majority of security problems come from “people on the inside, not people on the outside,” and that Seisint does little to prevent this. “I think the presumption has to be that it’s not secure,” he said. “Systems that have a lot of people who can have access to the data are inherently not secure, just based on the numbers.”

The ACLU is attempting to pressure the five remaining states to end their contracts with Seisint; but even if this happened, the information it compiled would still exist. “Even if you knocked it out completely, it would be pretty easy to reconstruct,” Calabrese said. “You can’t put the genie back in the box.”

In the meantime, Zadra attempted to reassure worried citizens. “I could misuse any one of hundreds of [other] databases,” he said. “Granted, [Matrix] would make it easier and faster because I could get it all out of one space.” He paused, then added, “We’re using it for investigative purposes only.”